Cisco Cisco Email Security Appliance C190 Guia Do Utilizador
9-31
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 9 Using Message Filters to Enforce Email Policies
Message Filter Rules
Recipient Count Rule
The
rcpt-count
rule compares the number of recipients of a message against an integer value, in a
similar way to the
body-size
rule. This can be useful for preventing users from sending email to large
numbers of recipients at once, or for ensuring that such large mailing campaigns go out over a certain
Virtual Gateway address. The following example sends any email with more than 100 recipients over a
specific Virtual Gateway address:
Virtual Gateway address. The following example sends any email with more than 100 recipients over a
specific Virtual Gateway address:
Address Count Rule
The
addr-count()
message filter rule takes one or more header strings, counts the number of recipients
in each line and reports the cumulative number of recipients. This filter differs from the
rcpt-count
filter rule in that it operates on the message body headers instead of the envelope recipients. The
following example shows the filter rule used to replace a long list of recipients with the alias,
“undisclosed-recipients”:
following example shows the filter rule used to replace a long list of recipients with the alias,
“undisclosed-recipients”:
Body Scanning Rule
The
body-contains()
rule scans the incoming email and all its attachments for a particular pattern
defined by its parameter. This includes delivery-status parts and associated attachments. The
body-contains()
rule does not perform multi-line matching. The scanning logic can be modified on the
Scan Behavior page or using the
scanconfig
command in the CLI to define which MIME types should
or should not be scanned. You can also specify a minimum number of matches that the scanning engine
must find in order for the scan to evaluate to true.
must find in order for the scan to evaluate to true.
By default, the system scans all attachments except for those with a MIME type of
video/*
,
audio/*
,
image/*
. The system scans archive attachments —
.zip
,
.bzip
,
.compress
,
.tar
, or
.gzip
attachments
containing multiple files. You can set the number of “nested” archived attachments to scan (for example,
a
a
.zip
contained within a
.zip
).
For more information, see
.
large_list_filter:
if (rcpt-count > 100) {
alt-src-host('mass_mailing_interface');
}
count: if (addr-count("To", "Cc") > 30) {
strip-header("To");
strip-header("Cc");
insert-header("To", "undisclosed-recipients");
}